@JohnnyNiu
Last active September 12, 2016 01:36
terraform user and policy notes
  1. user creation: aws_iam_user and aws_iam_access_key. Compared with manual creation in the console, a terraform-created user:
    • can be destroyed (revoked) by terraform
    • can be referenced as a variable in other resources
    • will have its access key ID and secret access key stored in the tfstate file (not secure?)
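Added example (not part of the gist) showing the user-plus-access-key pattern from point 1, and the pgp_key option that keeps the plaintext secret out of terraform.tfstate; it assumes a configured AWS provider, and the user name and key file path are placeholders:

```hcl
# Added example: IAM user and access key managed by Terraform (not the gist's code).
# Assumes an AWS provider is configured; names and paths below are placeholders.

resource "aws_iam_user" "deploy" {
  name = "deploy-bot"      # placeholder user name
  path = "/automation/"
}

# Without pgp_key, Terraform writes the secret access key in plaintext to the
# state file. With pgp_key, only the PGP-encrypted secret lands in state and
# the holder of the private key decrypts it locally.
resource "aws_iam_access_key" "deploy" {
  user    = aws_iam_user.deploy.name
  # base64-encoded PGP public key (placeholder path); "keybase:<user>" also works
  pgp_key = file("${path.module}/deploy-bot.pub.b64")
}

# The user can be referenced from other resources, e.g. a bucket policy
# principal via aws_iam_user.deploy.arn; outputs expose what is safe to show.
output "deploy_access_key_id" {
  value = aws_iam_access_key.deploy.id
}

output "deploy_encrypted_secret" {
  value = aws_iam_access_key.deploy.encrypted_secret
}
```

After `terraform apply`, `terraform output -raw deploy_encrypted_secret | base64 -d | gpg --decrypt` recovers the secret on a machine holding the private key; the state file still contains the key ID and the encrypted blob, so it should stay in a backend with restricted access regardless.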
  2. ways to apply a policy to a resource or user:
    • create an aws_iam_policy_document and assign it to the policy arg of aws_iam_user_policy
      • use the user arg to attach the policy
      • or use a principal in the policy's statement to attach it to different IAM users
    • create an aws_iam_policy_document and attach it with aws_iam_user_policy_attachment
      • can attach to a user, role or group
      • can attach to multiple in one resource
    • create an aws_iam_policy_document and assign it to the policy arg of the respective resource policy, e.g. aws_s3_bucket_policy
      • must use 'principal' in the statement to grant permission to a user
    • assign a JSON policy to the policy arg of aws_iam_user_policy or the resource policy
  3. ways to create iam_policy_document
    • terraform configuration block aws_iam_policy_document
    • inline json
    • using file
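Added example (not from the gist) that walks through points 2 and 3 together: a policy document authored as a Terraform data block, one loaded from a JSON file, an identity-based attachment and a resource-based bucket policy that names the principal. It assumes an existing aws_iam_user named "deploy", a file ./policies/readonly.json, and a bucket that already exists; bucket names are placeholders. Note that aws_iam_policy_attachment, not aws_iam_user_policy_attachment, is the resource that takes lists of users, roles and groups in one block.

```hcl
# Added example: authoring and attaching IAM policies (not the gist's code).
# Assumes aws_iam_user.deploy exists, ./policies/readonly.json exists, and the
# bucket "example-artifacts" already exists (placeholder name).

# (a) Policy document as a Terraform configuration block, turned into a
#     managed policy and attached to one user (non-exclusive attachment).
data "aws_iam_policy_document" "artifact_rw" {
  statement {
    sid       = "ArtifactBucketRW"
    effect    = "Allow"
    actions   = ["s3:GetObject", "s3:PutObject"]
    resources = ["arn:aws:s3:::example-artifacts/*"]   # placeholder bucket
  }
}

resource "aws_iam_policy" "artifact_rw" {
  name   = "artifact-rw"
  policy = data.aws_iam_policy_document.artifact_rw.json
}

resource "aws_iam_user_policy_attachment" "deploy_artifact_rw" {
  user       = aws_iam_user.deploy.name
  policy_arn = aws_iam_policy.artifact_rw.arn
}

# (a') The multi-target form: users, roles and groups in one resource.
#      Caveat: this resource is exclusive, it removes any attachment of the
#      policy that is not listed here, so do not mix it with (a) for the same policy.
resource "aws_iam_policy_attachment" "artifact_rw_all" {
  name       = "artifact-rw-attachment"
  policy_arn = aws_iam_policy.artifact_rw.arn
  users      = [aws_iam_user.deploy.name]
  groups     = []   # e.g. [aws_iam_group.ci.name] if such a group were defined
  roles      = []
}

# (b) Policy loaded from a JSON file, attached inline to the user with
#     aws_iam_user_policy (lives and dies with that user).
resource "aws_iam_user_policy" "deploy_readonly" {
  name   = "deploy-readonly"
  user   = aws_iam_user.deploy.name
  policy = file("${path.module}/policies/readonly.json")
}

# (c) Resource-based policy on the bucket: the principal must be named in the
#     statement, because the policy is attached to the bucket, not the user.
data "aws_iam_policy_document" "artifact_bucket" {
  statement {
    sid    = "AllowDeployUserList"
    effect = "Allow"
    principals {
      type        = "AWS"
      identifiers = [aws_iam_user.deploy.arn]
    }
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::example-artifacts"]
  }
}

resource "aws_s3_bucket_policy" "artifact" {
  bucket = "example-artifacts"   # placeholder, assumed to exist
  policy = data.aws_iam_policy_document.artifact_bucket.json
}
```

In practice (a) or (b) grants the user its permissions and (c) is only needed when the bucket owner wants the grant visible on the bucket itself (for example for a user in another account); keeping each statement scoped to one bucket ARN, as above, is what makes `terraform plan` diffs readable when permissions change.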